Chrome users on the developer channel or Canary will see download warnings if they try to download a file on a website that matches the list of malicious websites published by Google’s Safe Browsing Api. The warning reads “This file appears to be malicious. Are you sure you want to continue” with options to discard [...]
Security
- Author: Martin Brinkmann
- Comments: 3
This File Appears To Be Malicious, Google Chrome Safe Browsing Protection
- Author: Martin Brinkmann
- Comments: 13
Encrypt Your Windows Pagefile To Improve Security
There is nothing better than encrypting the system partition and all other partitions if you want to protect your files from unauthorized access. There are still ways around this but they require specialized equipment and access to the PC. Regular users on the other hand may be better off encrypting only their important documents and [...]
- Author: Mike Halsey MVP
- Comments: 2
Why we Need Technology Transparency Info for Websites
It’s been over a decade now that we’ve had secure socket layer (SSL) encryption technology for making Internet transactions safe. With only a very few exceptions, including a certificate cloning scare a couple of years ago, it’s worked very well and has enabled millions of people online to perform trillions of online purchases and financial [...]
- Author: Jack Wallen
- Comments: 1
Set up a Linux VPN Server with Gadmin-VPN-Server
There are so many reasons why a VPN Server makes perfect sense. For one, anyone with the credentials and the address can then gain access to the internal network from an external source. This enables users to work remotely and still have access to resources they wouldn’t otherwise have access to. There are obviously plenty [...]
- Author: Matt Newell
- Comments: 7
URL X-Ray, Reveal URL Shortener Link Destinations
If you have ever had your browser and your computer hijacked, it can be one of the most unpleasant experiences. This sort of problem will take a lot of hours for you to clean up, and if it’s really bad, it can take days, and sometimes a loss of precious money and unrecoverable data. As [...]
- Author: Martin Brinkmann
- Comments: 14
How To Backup True Crypt Data To Be Prepared For Emergencies
I have been using the encryption software True Crypt for years and ran only once into a situation where I nearly lost all the data on one of the partitions. Back then the header of the volume became corrupt, but since I had a backup of the header I was able to restore it so [...]
- Author: Martin Brinkmann
- Comments: 5
Microsoft Updates Windows To Block Fraudulent Digital Certificates
If you follow this blog closely you may have noticed that several browser developers have pushed security updates in the past week (see Mozilla Releases Firefox 3 Security Updates for instance) that block several invalid digital certificates to protect users from attacks exploiting those certificates. Microsoft is currently pushing out a Windows Update that addresses [...]
- Author: Martin Brinkmann
- Comments: 3
Adobe Security Updates For Flash, Adobe Reader
Adobe has released updates for their popular Adobe Flash Player, Adobe Reader and Adobe Acrobat applications. The updates address a critical security vulnerability that was discoveredearlier this month. The critical vulnerability affects Adobe Flash, and since Adobe implemented Flash technology in Adobe Reader and Acrobat, those products as well. The Flash vulnerability affects all Adobe [...]
- Author: Jack Wallen
- Comments: 2
openSUSE 11.4 security settings
Since doing my first reviews of openSUSE 11.4 I have become a big fan. Not only is it one of the most stable and reliable distributions to date, it also offers KDE 4.6, LibreOffice, and a whole slew of other features that should appeal to most Linux users. And openSUSE can be used by nearly [...]
- Author: Martin Brinkmann
- Comments: 3
How To Enable HTTPS On Twitter
Twitter made an announcement earlier today that they have added an “always use HTTPS” option on the popular messaging website. HTTPS protects the connection to Twitter from third parties that try to eavesdrop on network traffic. A small example: Say you log in via http while sipping on a hot cup of Java in your [...]
- Author: Martin Brinkmann
- Comments: 5
New Critical 0-day Flash Vulnerability Exploited Via Excel Attachments
Adobe today has released a new security advisory for Adobe Flash Player, Adobe Reader and Acrobat. All three applications are affected by a critical 0-day vulnerability that is exploited via Excel email attachments. Vulnerable versions are Adobe Flash Player 10.2.154.33 and earlier for all supported desktop operating systems, Adobe Flash Player 10.1.106.16 and earlier for [...]
- Author: Martin Brinkmann
- Comments: 8
Microsoft March 2011 Patch Day Overview
Microsoft has released new security patches on yesterday’s Patch Day that address vulnerabilities in various Microsoft products including Microsoft Windows and Microsoft Office. The updates that have been released are already available via Windows Update and the Microsoft Download Center. One of the vulnerabilities has a maximum severity rating of critical, the highest possible. The [...]
- Author: Martin Brinkmann
- Comments: 2
MultiScan, Scan Local Files With Multiple Antivirus Programs
The idea to scan files with multiple antivirus engines is not new, online portals such as Virustotal offer that feature for quite some time. If you look at desktop applications you notice that there are not many that offer a similar functionality. Programs that fall into the category are the previously reviewed Antivirus Multi and [...]
- Author: Martin Brinkmann
- Comments: 4
Avira DE-Cleaner, On Demand Virus Scanning
Avira DE-Cleaner is a new specialized security software from the makers of the popular antivirus software AntiVir. The program has been designed as an on-demand virus scanner that can be installed or used as a portable version. The tool has been created in cooperation with the Anti-Botnet Advisory Center, an initiative run by the Association [...]
- Author: Martin Brinkmann
- Comments: None
LastPass Fixes XSS Vulnerability, Improves Security
Ghacks regulars know that I’m a big supporter of the free cloud based password manager LastPass. The program is available for popular web browsers and mobile devices, and offers many comfortable password and login related features. This includes online password management, one-click log ins, user profiles to fill out forms faster, a secure password generator [...]
- Author: Martin Brinkmann
- Comments: 4
Telecommunications Data Retention, What It May Reveal About You
Ever wanted to know what government agencies can find out about you thanks to telecommunications Data Retention laws? In telecommunications, data retention refers to the, often temporary, storage of phone records and Internet traffic by commercial organizations like phone companies and ISPs. Data types and retention time differs from country to country, but all can [...]
- Author: Martin Brinkmann
- Comments: 29
Avast 6 Antivirus Software With AutoSandbox, Web Rep
Avast has just released the final version of their antivirus software Avast 6 which has been available as a beta version for some time. Avast Free Antivirus 6.0 is a free for personal and non-commercial use. It offers antivirus and anti-spyware protection for Windows PCs. The developers have added several new features to Avast Free [...]
- Author: Martin Brinkmann
- Comments: 3
Solid State Drives And Encryption, A No-Go?
Modern Solid State Drives are faster than their platter-driven brethren. They do have additional advantages like being completely silent when operating and better shock proof. The disadvantages are the high price per Gigabyte of storage space and unreliability when it comes to erasing or deleting data from the storage media. Especially the latter point can [...]
- Author: Martin Brinkmann
- Comments: 9
Enable Google 2-Step Verification Right Now, Even If It Is Not Available
You may have heard about Google’s latest effort to improve the account security for Google account users: 2-Step verification. Google basically adds a second authentication layer to the standard username and password log in process. The second step utilizes a smartphone with options to receive a one-time code per SMS or to install an app [...]
- Author: Jack Wallen
- Comments: 6
Linux 101: Using chmod and chown
When you use Linux long enough you are going to use the command line. Although nearly every command line trick can be done from a GUI front end now, there are times when the command line is the only route (headless server for example). When you have to go that route, you will be glad [...]
- Author: Martin Brinkmann
- Comments: 9
Oracle Finally Releases Java 6 Update 24
Critical Java vulnerabilities were discovered in the beginning of February which affected the Java Runtime Environment and Java Development Kit. The affected versions were JRE 6 Update 23 and earlier on all supported operating systems. Instead of releasing a security patch right away, Oracle decided to release a command line tool first to patch the [...]
- Author: Martin Brinkmann
- Comments: 15
WinMend Folder Hidden, Hide Folders From Other Windows Users
It sometimes may be important to hide folders on a multi-user system to avoid access to the files stored within. It makes sense for instance for important documents to prevent that other users (kids anyone?) tamper with the data or access it. Hidden folders are not really a protection on the other hand, as it [...]
- Author: Martin Brinkmann
- Comments: 10
True System Security Tweaker For Windows
True System Security Tweaker offers to change, enable or disable more than 450 security related settings in Windows. The portable application concentrates on user restrictions that are grouped into categories in the application interface. More than 20 categories are available of which some link to sub-categories. Among them security settings for Internet Explorer, the Windows [...]
- Author: Martin Brinkmann
- Comments: 2
Google Rolls Out Advanced Sign-In Security
A Google account is currently only protected by a username, which in most cases is an email address, and a password. Threats like phishing, brute forcing and social engineering are very common on today’s Internet. To protect its users, Google has decided to roll out an advanced sign-in security feature for Google accounts that makes [...]
- Author: Martin Brinkmann
- Comments: 4
Java Update Addresses Critical Security Vulnerability
It feels like I’m patching computer systems all day long in the last two days. First the monthly Windows Update, then Adobe with its patches and now Oracle and Java. This is madness and unfortunately a necessary evil. Oracle has just released a security advisory that details a critical security vulnerability in the JDK and [...]
- Author: Martin Brinkmann
- Comments: 9
Microsoft Windows Autorun Updates Restricts Functionality
One of the updates of yesterday’s patch day slipped through my grasps, mainly because I’m running Windows 7 and the update was not for that operating system. Ghacks reader Ilev let me know about it in the comments of my patch day overview guide Microsoft Security Bulletin Overview February 2011. Autorun has been a problematic [...]
- Author: Martin Brinkmann
- Comments: 5
Microsoft Security Bulletin Overview February 2011
Microsoft has just enabled downloads for today’s security patches on Windows Update. Today’s Patch Day brings 12 security bulletins that fix vulnerabilities of various severity affecting the Microsoft Windows operating system, Internet Explorer and Microsoft Office. Three of the vulnerabilities have a maximum severity rating of critical, the highest possible rating. The remaining 11 have [...]
- Author: Martin Brinkmann
- Comments: 2
TDSSKiller, Kaspersky TDSS Rootkit Remover
One of the most notorious rootkit families on today’s Internet is the TDSS Rootkit family which is known as Rootkit.Win32.TDSS, Tidserv, TDSServ or Alureon. The rootkit began to spread in 2008 and is one of the causes for unauthorized Google Redirects that users experience when the rootkit is active on their PC system. One of [...]
- Author: Martin Brinkmann
- Comments: None
Microsoft, Adobe Post February 2011 Patch Day Information
Patch Tuesday is coming up and Microsoft has released an advanced notification about the upcoming security patches. Patch Tuesday refers to the second Tuesday of each month on which security patches are released to the public. The Microsoft Security Bulletin Advance Notification for February 2011 details the upcoming patches. A total of 12 security bulletins [...]
- Author: Martin Brinkmann
- Comments: 4
Amazon Login May Accept Password Variants
The online shopping portal Amazon may accept password variants during login according to the German technology news site Heise Online. According to the information published there, Amazon may accept passwords that are not the exact password of the user account. The login script may ignore upper and lower case as well as characters after the [...]
- Author: Martin Brinkmann
- Comments: 2
Windows 0-Day Vulnerability Workaround
A new 0-day vulnerability has been confirmed yesterday. The vulnerability affects all client and server versions of Microsoft Windows up to and including Windows 7 and Windows Server 2008 R2. Security Advisory 2501696 reveals that the “vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document” and that it [...]
- Author: Jack Wallen
- Comments: None
Add serious web content control with WebContentControl in Linux
There are many reasons why you might want or need to control what is seen via a web browser. Be it children, work, or any other reason, you might want to have more control than just your standard proxy software offers. That is where the incredibly powerful WebContentControl comes into play. The WebContentControl GUI takes [...]
- Author: Martin Brinkmann
- Comments: 1
Do Not Trust Google Instant Previews Security Wise
For a few months now Instant Previews has been part of the Google search engine. The feature is triggered with a click on one of the magnifying glasses displayed on search results pages and works from then on on that page just by hovering over a search result. The image displays a visual representation of [...]
- Author: Martin Brinkmann
- Comments: 5
Facebook Apps Now Able To Grab Mobile Phone Number, Address
Facebook and privacy, the saga will never end it seems. A recent blog posting over at Facebook by Jeff Bowen outlines some of the platform updates for developers. The announcement is technical and most users have probably skipped it altogether, if they did find it in the first place that is. Probably the most important [...]
- Author: Martin Brinkmann
- Comments: 4
Adobe’s Flash Sandbox Not So Secure After All
The idea on paper sounded great: Add a sandbox to Adobe Flash to prevent many attacks from affecting the underlying operating system. It appears however that the sandbox which has been introduced in December 2010 is not as effective as it could be. Security researcher Billy Rios discovered a way to bypass Adobe’s Flash Player [...]
- Author: Martin Brinkmann
- Comments: 10
Shields Up, Test Your Firewall Online
The firewall is used to control incoming and outgoing traffic. Many users believe that simply installing a firewall is enough to protect their computer from malicious attacks but that does not have to be the case. An improperly configured firewall can do more damage than harm, or at least leave some attack vectors open that [...]
- Author: Mike Halsey MVP
- Comments: 5
Has Tech-Companies Intellectual Property Gone Too Far?
Sony have announced that they’re suing the hackers who uncovered the security codes for the PlayStation 3, that the console uses to determine that software is genuine. This means that anybody who has access to this code can use it in non-approved (and even pirated), software to get that to run happily on the console. Microsoft are [...]
- Author: Martin Brinkmann
- Comments: 4
Microsoft Security Bulletin Overview January 2011
The second Tuesday of a month is Microsoft’s patch day where the software company releases security patches and fixes for its products. The first patch day of the year 2011 brings two security bulletins that patch vulnerabilities in the Windows operating system. MS11-002 patches vulnerabilities in Microsoft Data Access Components that could allow remote code [...]
- Author: Mike Halsey MVP
- Comments: 1
Global Spam Levels in Mysterious Month-on-Month Fall – Update
Yesterday I wrote here that global spam levels had dropped mysteriously month on month since August 2010 from a high of about a quarter of a trillion messages a day to about 50 billion. Just to show how quickly everything can change in the world of technology, it all suddenly changed again yesterday. New reports [...]
- Author: Mike Halsey MVP
- Comments: 5
Global Spam Levels in Mysterious Month-on-Month Fall
It’s been reported that the total volume of global spam email that is being sent has fallen, month-on-month since the beginning of August 2010 and nobody knows why. The fall, which you can see in the graph below, shows a steady decline from almost a quarter of a trillion messages every day to just 50 [...]
- Author: Martin Brinkmann
- Comments: 1
No Patches For Internet Explorer Vulnerabilities This Month
Microsoft will be releasing two security bulletins on this January’s patch day leaving two security vulnerabilities affecting Internet Explorer and one issue affecting the Windows graphics rendering engine unaddressed. The first vulnerability affects Internet Explorer 6 to Internet Explorer 8 on all versions of the Windows operating system starting with Windows XP and ending at [...]
- Author: Martin Brinkmann
- Comments: 12
Why I Do Not Review The Firefox Add-On Dubser
I review Firefox add-ons regularly and i like the thrill of diving into the depths of the Firefox add-on gallery to find new add-ons that I have not reviewed yet. Especially so if the add-on description sounds promising. Recently I have discovered an add-on called Dubser which is listed at the Mozilla website. Dubser sounds [...]
- Author: Martin Brinkmann
- Comments: 180
Panda Cloud Antivirus Pro Giveaway And Review
Panda Cloud Antivirus is a free antivirus software for the Windows operating system that comes as a free and professional version which differ in functionality. Both versions offer antivirus protection that includes protection against trojans, viruses, rootkits and spyware and behavioral blocking against new and unknown threats. The pro version adds on top of that [...]
- Author: Martin Brinkmann
- Comments: 7
WordPress 3.0.4 Released, Fixes Critical Security Vulnerability
An update to the popular blogging platform WordPress has just been released that fixes a critical security vulnerability in the software. WordPress 3.0.4 is already available for download at the official website and through the updating options on installed WordPress blogs. The update is currently not announced on the frontpage of the admin interface which [...]
- Author: Jack Wallen
- Comments: 3
Allow Samba through your Linux firewall with ufw
As most of you know, Samba allows your Linux machine to work with Windows machines (and vice versa). Without Samba Linux would be locked in an unable to play nicely on heterogeneous networks. So what most Linux users do is install Samba to allow file/folder sharing and network browsing. Typically speaking, Samba is very easy to install [...]
- Author: Martin Brinkmann
- Comments: 6
IObit Cloud, Online Antivirus File Analysis
When in doubt verify. That’s one of the maxims that I use daily to avoid running into troubles. That’s especially true for files and programs that I want to test and run on my system. Sometimes they come from untrustworthy sources, and even though I have antivirus installed I prefer to double-check those files to [...]
- Author: Martin Brinkmann
- Comments: 2
PayPal Your Account Has Been Temporarily Limited Phishing Emails
Phishing is still one of the common threats on today’s Internet. Criminals try to get account information and other personal information from users by faking emails and websites of trusted services, websites and authorities. Phishing is very common in the financial sector and PayPal is by far the service with the largest amount of phishing [...]
- Author: Jack Wallen
- Comments: 10
Setup Ubuntu to browse Windows network by hostname
By default, a Ubuntu desktop with Samba installed will be a member of the Windows workgroup named WORKGROUP. Because that machine is a member of WORKGROUP, you would think you could browse and connect to other machines on the same network by hostname. That is not the case. Instead you would still have to locate [...]
- Author: Jack Wallen
- Comments: 12
Five tips for keeping your Ubuntu desktop safe
So you finally made the plunge and have a brand spanking new Ubuntu Linux desktop. You feel far more superior and safer than you did prior to using Linux. So much more safer you feel like there’s nothing more you need to do to keep your machine and your data safe. And relatively speaking you [...]
- Author: Jack Wallen
- Comments: None
Create an ssh key with Seahorse
Seahorse is a very powerful tool for the creation and managing of various keys. Seahorse is the default keyring manager for the GNOME desktop. I have covered Seahorse here on Ghacks before (see “Create, sign, and publish your PGP keys with Seahorse“), but one aspect I didn’t cover was the use of Seahorse for secure [...]
